Microsoft Malware Protection Engine security update

Number: AV17-064
Date: 9 May 2017

Purpose

The purpose of this advisory is to bring attention to a recent security update to Microsoft Malware Protection Engine.

Assessment

CCIRC is aware of a critical vulnerability in the Microsoft Malware Protection Engine. Exploitation of this vulnerability may allow for remote code execution with elevated privileges.

Affected Versions:
Microsoft Malware Protection Engine version 1.1.13701.0 and prior

CVE Reference: CVE-2017-0290

Suggested Action

CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.

References:

https://technet.microsoft.com/en-us/library/security/4022344
https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
https://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/

Date modified:: 2018-09-26

Language selection

Search

Microsoft Malware Protection Engine security update

Purpose

Assessment

Suggested Action

Note to readers

Microsoft Malware Protection Engine security update

Purpose

Assessment

Suggested Action